RASDIAG isn't a network capture... It's more like application tracing. I got a capture (can repro at will), so I'll take a gander (or a goose) at it sometime today and see what there is to see... ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] Sent: Monday, June 20, 2005 08:35 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Proxy Authentication - Streaming Media http://www.ISAserver.org I'll try to get one of those later today or in the morning, when the traffic slows down. Right now you'd have to wade through tons of irrelevant data to find the parts that are useful. Do you want these in RASDIAG or NETMON format? -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Monday, June 20, 2005 09:22 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Proxy Authentication - Streaming Media http://www.ISAserver.org Even better is a network capture. Logs only tell you what ISA saw and how it reacted. Captures tell you exactly what happened "on the wire". -----Original Message----- From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] Sent: Monday, June 20, 2005 5:05 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Proxy Authentication - Streaming Media http://www.ISAserver.org Okay, I ran into one this morning, played around with it a bit to see what was going on. Here are a couple of links to try, taken from the recent W2KNews e-mail: If I click on the link provided in the e-mail: http://www.w2knews.com/rd/rd.cfm?id=050620FA-Barrier It prompts me for a username/password, then it allows me to view the video. If I go to the actual URL where the video is stored: http://www.sunbelt-software.com/stu/video/vehiclebarrier.wmv It immediately shows the video without any additional login. I also tested both URLs by copying/pasting them into IE, and they both work fine if I enter that way. The prompt seems to occur when I click on the link from within Outlook. If you want a firewall log transcript, I saved that also. -----Original Message----- From: Ball, Dan Sent: Thursday, June 16, 2005 07:23 To: '[ISAserver.org Discussion List]' Subject: RE: [isalist] RE: Proxy Authentication - Streaming Media I'm gonna ask around to get a list of sites that cause this, so I have something to work with. I know it still happens, but I can't think of the exact sites right now. -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, June 15, 2005 20:29 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Proxy Authentication - Streaming Media http://www.ISAserver.org Hi Dan, Sounds like they're accessing a site that requires Direct Access. Any examples of sites that you see this on? Thanks! Tom -----Original Message----- From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] Sent: Wednesday, June 15, 2005 3:49 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Proxy Authentication - Streaming Media http://www.ISAserver.org Sorry I didn't ask the question there... When you got done, there were only a couple minutes left for questions and I thought it would be better to reserve that small amount of time for questions that were on-topic. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.